commit 163bda2a8a4cf2ddf09d7284b7cc79ce6ddc363d
author dschinazi <dschinazi@google.com> Wed Apr 01 13:34:43 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Wed Apr 01 13:35:15 2020 -0700
tree de5b9cbf5e72c51761a73e2c740936c495b79be7
parent 7133ea979190209a3ffaff08854ddbbef055cd8d

Improve decryption error logging

This CL adds the decryption level to decryption failure logging. It helps debug tests by allowing us to see whether a decryption failure was expected.

gfe-relnote: log-only change, not flag protected
PiperOrigin-RevId: 304252053
Change-Id: Iab2970ab1ed6cbf4de7fd2fec0c34e0f3057707a

quic/core/quic_framer.cc

diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index d41b6b1..f900191 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -1758,7 +1758,10 @@
         visitor_->OnUndecryptablePacket(
             QuicEncryptedPacket(encrypted_reader->FullPayload()),
             decryption_level, has_decryption_key);
-        set_detailed_error("Unable to decrypt header protection.");
+        set_detailed_error(quiche::QuicheStrCat(
+            "Unable to decrypt ", EncryptionLevelToString(decryption_level),
+            " header protection", has_decryption_key ? "" : " (missing key)",
+            "."));
         return RaiseError(QUIC_DECRYPTION_FAILURE);
       }
       RecordDroppedPacketReason(DroppedPacketReason::INVALID_PACKET_NUMBER);
@@ -1823,7 +1826,13 @@
     visitor_->OnUndecryptablePacket(
         QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
         has_decryption_key);
-    set_detailed_error("Unable to decrypt payload.");
+    set_detailed_error(quiche::QuicheStrCat(
+        "Unable to decrypt ", EncryptionLevelToString(decryption_level),
+        " payload",
+        has_decryption_key || !version_.KnowsWhichDecrypterToUse()
+            ? ""
+            : " (missing key)",
+        "."));
     RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
     return RaiseError(QUIC_DECRYPTION_FAILURE);
   }
@@ -1914,7 +1923,9 @@
         QuicEncryptedPacket(encrypted_reader->FullPayload()), decryption_level,
         has_decryption_key);
     RecordDroppedPacketReason(DroppedPacketReason::DECRYPTION_FAILURE);
-    set_detailed_error("Unable to decrypt payload.");
+    set_detailed_error(quiche::QuicheStrCat(
+        "Unable to decrypt ", EncryptionLevelToString(decryption_level),
+        " payload."));
     return RaiseError(QUIC_DECRYPTION_FAILURE);
   }
 

quic/core/quic_framer_test.cc

diff --git a/quic/core/quic_framer_test.cc b/quic/core/quic_framer_test.cc
index 049b81e..813d4f6 100644
--- a/quic/core/quic_framer_test.cc
+++ b/quic/core/quic_framer_test.cc
@@ -2399,7 +2399,8 @@
   EXPECT_FALSE(framer_.ProcessPacket(encrypted));
   if (framer_.version().HasHeaderProtection()) {
     EXPECT_THAT(framer_.error(), IsError(QUIC_DECRYPTION_FAILURE));
-    EXPECT_EQ("Unable to decrypt header protection.", framer_.detailed_error());
+    EXPECT_EQ("Unable to decrypt ENCRYPTION_ZERO_RTT header protection.",
+              framer_.detailed_error());
   } else if (framer_.transport_version() >= QUIC_VERSION_46) {
     // Cannot read diversification nonce.
     EXPECT_THAT(framer_.error(), IsError(QUIC_INVALID_PACKET_HEADER));